Elliptic Curve Cryptography

Elliptic curve cryptography (ECC) is a public key cryptographic algorithm used to perform critical security
functions, including encryption, authentication, and digital signatures. ECC is based on the elliptic curve
theory, which generates keys through the properties of the elliptic curve equation, compared to the
traditional method of factoring very large prime numbers.

ECC vs RSA: Key differences

Rivest-Shamir-Adleman (RSA) cryptographic method is still the most widely adopted public-key
algorithm today. It’s used extensively to encrypt and authenticate websites, emails, software, etc.

Originally invented by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977, RSA uses the
prime factorization method, which involves taking two large random prime numbers and
multiplying them to create a public key.

RSA algorithm has served the security world well for decades. However, the mathematics and
computational power required to factor large numbers and ‘break’ RSA keys have become
increasingly more available and practical for attackers to use. To counter the threats posed by
advanced computing and mathematics, RSA key sizes need to grow, which becomes unsustainable
in the long-term.

Several researchers have found vulnerabilities in RSA public keys in recent years. For example,
in 2020, Keyfactor researchers analyzed more than 75 million active RSA keys across the internet,
discovering that 1 in every 172 certificates using RSA keys are vulnerable to a practical attack
known as ‘factoring.’

ECC is considered more secure than RSA, because RSA is based on factoring large numbers, a
problem that computers have solved. In contrast, elliptic curve cryptography is based on the
discrete logarithm problem, which is much harder to solve. It’s been proven that even with today’s
technology; it would take longer than the universe’s age to reverse engineer a key that’s been
generated using ECC.

ECC keys are also much shorter than RSA keys—the most common type of key used in public-
key cryptography—making them much easier to manage and store. Shorter keys also mean less
processing power is required to encrypt and decrypt data, making ECC more efficient than other
algorithms.

What are the benefits of ECC?

Several benefits make elliptic curve cryptography an attractive option for certain applications.
First, as mentioned above, ECC requires smaller keys than other methods to achieve the same level
of security. This can be important in constrained environments where limited storage is available.
Because ECC offers equivalent security with lower computing power and battery resource usage,
it is becoming more widely used in crypto currency platforms, including Bit coin and Ethereum,
mobile applications, and low-power devices that have limited computational power.

Finally, ECC can be used for digital signatures, key exchange, and other purposes; this makes it a
versatile tool for many different applications.

How does ECC work?

An elliptic curve is a plane curve defined by an equation of the form y^2 = x^3 + ax + b. A and b
are constants, and x and y are variables. Elliptic curves have many interesting mathematical
properties that make them well-suited for cryptography. For example, given two points P and Q
on an elliptic curve, there is a third point R such that P + Q = R. This property is called “point
addition” and is illustrated below.

Another valuable property of cryptography is “point doubling.” This is when we take a point P on
an elliptic curve and find another point 2P such that P + P = 2P. This is illustrated below.

We can keep doubling points until we get to the point that we call “the infinity point,” which we
denote as O. You can think of this as the limit case where the distance between P and 2P gets
arbitrarily close to zero.

Thus, we can add and double points on an elliptic curve to our heart’s content and never get the
exact moment twice (except for O).

Given any point P on an elliptic curve, an infinite number of points can be obtained by adding and
doubling P (including O). Consequently, an endless number of possible keys can be generated
using elliptic curves.

How is Elliptic Curve Cryptography used?

Now that we’ve seen elliptic curves and their work, let’s look at how they’re used in cryptography.
Elliptic curve cryptography typically relies on the Elliptic Curve Discrete Logarithm Problem
(ECDLP), which states that it is hard to solve for x if we know y = g^x mod p where g is some
known integer and p is prime.

This problem is complex because there is no known way to efficiently find x given y (that is,
without trying every possible value of x until we find one that works).

Since the DDL problem is hard to solve, it follows that it would also be hard to solve for y if we
know x = g^y mod p. That is, it would be difficult for someone who doesn’t know the secret
exponent y to compute y given x (again, without trying every possible value until they find one
that works).
Therefore, if we choose our parameters g and p carefully, it should be difficult for someone who
doesn’t know the secret exponent x to compute x given y (or vice versa).

As long as it’s hard to compute the secret exponent x given y (or vice versa), we can use elliptic
curve cryptographic algorithms for things like digital signatures and key agreement protocols.

Real-world applications of Elliptic Curve Cryptography

Elliptic curve cryptography has several practical applications in the real world. One example is
online banking and payments. When you make an online purchase with your debit or credit card,
your information is often encrypted using ECC before it’s sent over the internet. This ensures that
your information remains confidential and secure throughout the transaction process.

Another application of ECC is in email encryption. Pretty Good Privacy (PGP) is a popular email
encryption software that can leverage ECC to protect your emails from being read by anyone other
than the intended recipient.

PGP works by generating a public/private key pair for each user. The public key can be shared
with anyone, but the private key must be kept confidential at all times. To encrypt an email, you
simply need the recipient’s public key; conversely, you’ll need your private key to decrypt an
email you’ve received.

Quantum Cryptography

The uncertainty principle of quantum physics builds the earliest foundations for
quantum cryptography. With quantum computers of the future being expected to solve discrete
logarithmic problems and the popularly known cryptography methods such as AES, RSA, DES,
quantum cryptography becomes the foreseen solution. In practice, it is used to establish a shared,
secret and random sequence of bits to communicate between two systems let’s say, Alice and Bob.
This is known as Quantum Key Distribution. After this key is shared between Alice and Bob,
further exchange of information can take place through known cryptographic strategies.

Based On Heisenberg’s Uncertainty Principle:

BB84 and variants: A single-photon pulse is passed through a polarizer. Alice can use a particular
polarizer to polarize a single-photon pulse and encode binary value bits to the outcome of a
particular type (vertical, horizontal, circular, etc) of a polarizer. On receiving the photon beam,
Bob would guess the polarizer, and Bob can thus match the cases with Alice and know the
correctness of his guesses. If Eve would have been trying to decode then polarization by Eve’s
polarizer would have caused discrepancies in the match cases of Bob and Alice and thus they
would know about eavesdropping. Thus in such a system if Eve tries to eavesdrop it will get to the
notice of Alice and Bob.

• The B92 protocol has only two polarization states unlike the 4 in the original BB84.
 • BB84 has a similar protocol SSP that uses 6 states to encode the bits.

• SARG04 is another protocol that uses attenuated lasers and provides better results than
BB84 in more than one photon system.

Based On Quantum Entanglement:

E91 and Variants: There is a single source that emits a pair of entangled photons with Alice and
Bob receiving each particle. Similar to the BB84 scheme Alice and Bob would exchange encoded
bits and match cases for each photon transferred. But in this scenario, the outcome of the results
of the match cases of Alice and Bob will be the opposite as a consequence of the Entanglement
principle. Either of them will have complement bits in bit strings interpreted. One of them can then
invert bits to agree upon a key. Since Bell’s Inequality should not hold for entangled particles thus
this test can confirm the absence of eavesdroppers. Since practically it is not possible to have a
third photon in entanglement with energy levels sufficient for nondetect ability, thus this system
is fully secure.

• SARG04 and SSP protocol models can be extended to Entangled particles theory.

Possible Attacks In Quantum Cryptography:

• Photon Number Splitting (PNS) Attack: Since it is not possible to send a single photon
thus a pulse is sent. Some of the photons from a pulse can be captured by Eve and after
matching of bits by Alice and Bob, Eve can use the same polarizer as done by Bob and
thus get the key without being detected.

• Faked-State Attack: Eve uses a replica of Bob’s photon detector and thus captures the
photons intended for Bob and further passed it to Bob. Though Eve knows about the
encoded bit, Bob thinks that he received it from Alice.

How does Quantum Cryptography work?

Quantum Cryptography works on the principle of quantum entanglement, which is a phenomenon

where two particles are correlated in a way that the state of one particle affects the state of the
other particle, even when they are separated by a large distance. In quantum cryptography, the two
parties, Alice and Bob, use a pair of entangled particles to establish a secure communication
channel.

The process involves the following steps:

1. Alice sends a stream of photons (particles of light) to Bob.

2. Bob randomly selects a subset of photons and measures their polarization (direction of
oscillation).
 3. Bob sends the result of his measurements to Alice through a classical communication
channel.

4. Alice and Bob compare a subset of their measurements to detect any eavesdropping.

5. If no eavesdropping is detected, they use the remaining photons to encode their message.

6. The encoded message is then sent over a classical communication channel.

Why is Quantum Cryptography secure?

The security of Quantum Cryptography relies on the fundamental laws of quantum mechanics.
Any attempt to intercept or measure the photons during the transmission would disturb their state,
and the disturbance would be detected by Alice and Bob, alerting them to the presence of an
eavesdropper. This is known as the “no-cloning theorem,” which states that it is impossible to
create an exact copy of an unknown quantum state. Therefore, the security of the communication
channel is guaranteed by the laws of physics, making it impossible to hack.

Applications of Quantum Cryptography

Quantum Cryptography has the potential to revolutionize the way we communicate by providing
a secure communication channel that is immune to cyber-attacks. Some of the applications of
Quantum Cryptography include:

• Financial transactions: Quantum Cryptography can provide a secure communication

channel for financial transactions, making it impossible for cybercriminals to intercept and
steal sensitive financial information.

• Military and government communication: Quantum Cryptography can be used by

military and government agencies to securely communicate sensitive information without
the fear of interception.

• Healthcare: Quantum Cryptography can be used to secure healthcare data, including

patient records and medical research.

• Internet of Things (IoT): Quantum Cryptography can be used to secure the

communication channels of IoT devices, which are vulnerable to cyber-attacks due to their
low computing power.

Challenges of Quantum Cryptography

While Quantum Cryptography is a promising technology, it is not without its challenges. Some of
the challenges include:

1. Cost: Quantum Cryptography is an expensive technology that requires specialized

equipment and infrastructure, making it difficult to implement on a large scale.
 2. Distance limitations: The distance between the two parties is limited by the attenuation of
the photons during transmission, which can affect the quality of the communication
channel.

3. Practical implementation: The implementation of Quantum Cryptography in real-world

scenarios is still in its early stages, and there is a need for more research and development
to make it more practical and scalable.

Advantages:

Unconditional security: Quantum cryptography provides unconditional security, which means

that it is impossible for an eavesdropper to intercept or copy the data being transmitted without
being detected.

Key distribution: Quantum cryptography can be used for secure key distribution, which is an
essential component of many encryption algorithms.

Speed: Quantum cryptography can provide secure communication at very high speeds, which is
important for applications that require real-time data transfer.

Long-term security: Quantum cryptography is resistant to attacks by future quantum computers,

which means that data encrypted using quantum cryptography will remain secure even in the
future.

Verification of security: Quantum cryptography provides a way to verify the security of the
communication by detecting any attempt to intercept or tamper with the data.

Disadvantages:

Cost: Quantum cryptography can be expensive to implement due to the need for specialized
hardware and software.

Distance limitations: Quantum cryptography has distance limitations due to the nature of
quantum entanglement, which means that it is currently limited to short-range communication.

Complexity: Quantum cryptography is a complex technology that requires specialized knowledge

and skills to implement and maintain.

Key distribution limitations: Quantum cryptography is limited by the need for a trusted third
party to distribute the cryptographic keys, which can be a potential weakness in the system.

Vulnerability to side-channel attacks: Quantum cryptography is vulnerable to side-channel

attacks, such as attacks on the hardware or software used to implement the system.